<?php
include('admin.php');
set_page_info('id', 'users');

if (ACTION == 'new') {
	if (isset($_POST['submit'])) {
		$c = get_post_data();
		
		if (empty($c['username']) || empty($c['password']) || empty($c['password2']) || empty($c['email'])) error('Please enter the required fields (username, password, and email).');
		if (!valid_username($c['username']) || !valid_password($c['password']) || !valid_email($c['email'])) error('Pleae enter valid data for the required fields (username, password, and email).');
		if ($c['password'] !== $c['password2']) error('The passwords don\'t match.');
		$result = $mysql->query('SELECT COUNT(*) FROM `'.USERS.'` WHERE `user_username` = "'.escape($c['username']).'"');
		if ((int)mysql_result($result, 0) > 0) error('That username already exists.');
		
		if (!empty($c['website']) && !valid_url($c['website'])) $c['website'] = '';
		$c['profile'] = clean($_POST['profile'], true);
		
		if(isset($c['isadmin']))
		{
			$isadmin = 1;
		}
		else
		{
			$isadmin = 0;
		}
		
		$result = $mysql->insert(USERS, array(
			'user_username' => $c['username'],
			'user_password' => md5($c['password']),
			'user_email' => $c['email'],
			'user_isadmin' => $isadmin,
			'user_website' => $c['website'],
			'user_nickname' => $c['nickname'],
			'user_profile' => $c['profile'],
			'user_ip' => get_global($_SERVER, 'REMOTE_ADDR')
		));
		
		if ($result === true) header('Location: users.php#user-'.$mysql->lastInsertId);
		else error('There was an error saving the user.');
	} else {
		set_page_info('title', 'New User');
		get_header();
?>
		<h2>New User</h2>
		<form action="users.php?action=new" method="post">
			<p><label for="username">Username</label>
			<input type="text" name="username" id="username" />
			<span>4-18 letters, numbers, underscores, or hyphens.</span></p>
			
			<p>
				<label for="password">Password</label>
				<input type="password" name="password" id="password" class="block marginbottom" />
				<label for="password2">Confirm Password</label>
				<input type="password" name="password2" id="password2" />
				<span>6-14 letters, number, underscores, or hyphens.</span>
			</p>
			
            <p align="left"><label for="isadmin">Permission</label>
			
          Check here is the user is Administrator <input name="isadmin" id="isadmin" type="checkbox" value="" /> </p>
            
			<p><label for="email">Email</label>
			<input type="text" name="email" id="email" /></p>
			
			<p><label for="website">Website</label>
			<input type="text" name="website" id="website" value="http://" />
			<span>Completely optional.</span></p>
			
			<p><label for="nickname">Nickname</label>
			<input type="text" name="nickname" id="nickname" />
			<span>If left blank, username will be displayed.</span></p>
			
			<p><label for="profile">Profile</label>
			<textarea name="profile" id="profile" rows="6" cols="60"></textarea>
			<span>A little description of the user. Completely optional.</span></p>
			
			<p><input type="submit" name="submit" class="button" value="Save" /></p>
		</form>
<?php
		get_footer();
	}
} elseif (ACTION == 'edit') {
	$id = (int)get_global($_GET, 'id');
	$user = get_single_item(array(
		'table' => USERS,
		'class' => 'user',
		'where' => '`user_id` = "'.$id.'"'
	));
	if (empty($user)) error('That is not a valid user.');
	
	if (isset($_POST['submit'])) {
		$c = get_post_data();
		
		if (empty($c['password']) || md5($c['password']) !== $user->get_password()) error('Please enter the old password.');
		if (empty($c['email'])) $c['email'] = $user->get_email();
		if (!empty($c['newpassword']) && !empty($c['newpassword2']) && valid_password($c['newpassword']) && $c['newpassword'] === $c['newpassword2']) $c['password'] = $c['newpassword'];
		if (!empty($c['website']) && !valid_url($c['website'])) $c['website'] = '';
		
		if(isset($c['isadmin']))
		{
			$isadmin = 1;
		}
		else
		{
			$isadmin = 0;
		}
		
		
		$c['profile'] = clean($_POST['profile'], true);
		$result = $mysql->update(USERS, array(
			'user_password' => md5($c['password']),
			'user_email' => $c['email'],
			'user_isadmin' => $isadmin,
			'user_website' => $c['website'],
			'user_nickname' => $c['nickname'],
			'user_profile' => $c['profile']
		), '`user_id` = "'.$user->get_id().'"');
		
		if ($result === true) header('Location: users.php#user-'.$user->get_id());
		else error('There was an error saving the user.');
	} else {
		set_page_info('title', 'Editing User: '.$user->display_name(false));
		get_header();
?>
		<h2>Editing User: <?php $user->display_name(); ?></h2>
		<form action="users.php?action=edit&amp;id=<?php $user->the_id(); ?>" method="post">
			<p><label for="username">Username</label>
			<input type="text" name="username" id="username" class="disabled" value="<?php $user->the_username(); ?>" disabled="disabled" />
			<span>4-18 letters, numbers, underscores, or hyphens.</span></p>
			
			<p>
				<label for="password">Password</label>
				<input type="password" name="password" id="password" value="<?php //print $user->get_password(); ?>" class="block marginbottom" />
				
			</p>
			
			<p>
				<label for="newpassword">New Password</label>
				<input type="password" name="newpassword" id="newpassword" class="block marginbottom" />
				<label for="newpassword2">Confirm New Password</label>
				<input type="password" name="newpassword2" id="newpassword2" />
				<span>Leave blank to keep old password. 6-14 letters, number, underscores, or hyphens.</span>
			</p>
            
             <p align="left"><label for="email">Permission</label>
			
          Check here is the user is Administrator <input name="isadmin" id="isadmin" type="checkbox" value=""  <?php print $user->get_isadmin(); ?>/></p>
			
			<p><label for="email">Email</label>
			<input type="text" name="email" id="email" value="<?php $user->the_email(); ?>" /></p>
			
			<p><label for="website">Website</label>
			<input type="text" name="website" id="website" value="<?php $user->the_website(false); ?>" />
			<span>Completely optional.</span></p>
			
			<p><label for="nickname">Nickname</label>
			<input type="text" name="nickname" id="nickname" value="<?php $user->the_nickname(); ?>" />
			<span>If left blank, username will be displayed.</span></p>
			
			<p><label for="profile">Profile</label>
			<textarea name="profile" id="profile" rows="6" cols="60"><?php $user->the_profile(false); ?></textarea>
			<span>A little description of the user. Completely optional.</span></p>
			
			<p><input type="submit" name="submit" class="button" value="Save" /></p>
		</form>
<?php
		get_footer();
	}
} elseif (ACTION == 'delete') {
	$id = (int)get_global($_GET, 'id');
	if ($id === 1) error('You can\'t delete the default user.');
	$result = delete_user($id);
	
	if ($result === true) header('Location: users.php');
	else error('There was an error deleting the user.');
} else {
	$users = new items(array(
		'table' => USERS,
		'class' => 'user',
		'order' => '`user_id` DESC'
	));
	set_page_info('title', 'Manage Users');
	get_header();
?>
		<h2>Manage Users<span>(<a href="users.php?action=new">add one?</a>)</span></h2>
		<form action="mass-delete.php?type=users" method="post">
			<table  width="100%">
				<thead>
					<tr>
						<th><input type="checkbox" /></th>
						<th>Username</th>
						<th>Email</th>
						<th># of Posts</th>
						<th>&nbsp;</th>
					</tr>
				</thead>
				<tfoot>
					<tr>
						<td colspan="5">
							<input type="submit" name="submit" class="button" value="Delete" />
							Page: <?php echo $users->pagination['page']; ?><?php if ($users->needsPagination()) { echo ' &mdash; '; $users->pagination(); } ?>
						</td>
					</tr>
				</tfoot>
				<tbody>
<?php
	if ($users->total > 0) {
		foreach($users->items as $user) {
?>
					<tr<?php $user->the_row_info(); ?>>
						<td class="checkbox"><input type="checkbox" name="mass_delete[]" value="<?php $user->the_id(); ?>" /></td>
						<td><?php $user->the_username(); ?></td>
						<td><?php $user->the_email_link(); ?></td>
						<td><?php $user->the_post_amount(); ?></td>
						<td class="options"><?php $user->the_options(); ?></td>
					</tr>
<?php
		}
	} else {
?>
					<tr>
						<td colspan="5">No users found.</td>
					</tr>
<?php } ?>
				</tbody>
			</table>
		</form>
<?php
	get_footer();
}
?>